<a class="pat-plone-modal" data-pat-plone-modal="width: 75%; content: #page; title: ;" href="https://api.easytemp.ch/live/ins/10897605491079789220.html" target="_blank">
<div class="col titel">Metallbauer (w/m)</div>
I'm trying to load a job advert with pat-plone-modal from a different domain than the host, but keep getting "Cross-Origin Request Blocked" errors.
So I tried to setHeaders within the update method of the viewlet
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, X-Range, Range, Content-Type, Accept, Access-Control-Allow-Headers")
The headers are shown as response headers in the network tab, but still no luck...
What am I missing?
Unfortunately, that's the other way around: that's your domain which must be allowed by the api.easytemp.ch server.
So you can only do that if you do manage this server.
Thought it's about users security, so that I have to allow the request for the users browser.
Thanx for clearing that!
Can you explain why I'm able to access those resources via urllib or browser then?
That depends on the CORS policy defined by the server.
The server might accept regular visitor but forbid AJAX call (that's the case with api.easytemp.ch).
Similarly it could accept image src call, but not iframe call, etc.
Or you can decide to accept AJAX calls from www.easytemp.ch but not any other domain.
You can configure whatever you want in the server vhost.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS if you need more details.